A basic privacy policy and terms & conditions is attached. I do not represent that this is compliant with GDPR, but it has most of the basic elements that I would expect to see in a policy, it is written in plain English, and it is only a couple of pages long. I think it is a lot better than nothing for our soft launch. Then we can continue working on it, and either go through a system to create form policies that are much more likely to cross off all of the technical requirements under various data security laws, or get some pro bono legal assistance from a privacy lawyer who is willing to take a look at it and get it into compliance with all of the basic requirements.